authorJeff Layton <jlayton@samba.org>2012-11-07 10:19:19 -0500
committerJeff Layton <jlayton@samba.org>2012-11-07 10:19:19 -0500
commit3a41103dfea64856c8317099496716a7f9010769 (patch)
tree7f2412088d7a87d1aeb16b238186982d57b885a5
parentaa7cbf3ebc5df89b592815623459dabf6a21f5eb (diff)
getcifsacl: fix endianness bug in getcifsacl and add better bounds checks
getcifsacl must convert the access_req field from little endian. Also, we should ensure that the "size" field in the ACE is reachable before trying to access it. Signed-off-by: Jeff Layton <jlayton@samba.org>
-rw-r--r--getcifsacl.c14
1 files changed, 11 insertions, 3 deletions
diff --git a/getcifsacl.c b/getcifsacl.c
index b832c50..c576fc0 100644
--- a/getcifsacl.c
+++ b/getcifsacl.c
@@ -31,6 +31,7 @@
#include <unistd.h>
#include <stdio.h>
#include <stdlib.h>
+#include <stddef.h>
#include <errno.h>
#include <limits.h>
#include <wbclient.h>
@@ -235,7 +236,15 @@ print_sid_raw:
static void
print_ace(struct cifs_ace *pace, char *end_of_acl, int raw)
{
- /* 16 == size of cifs_ace sans the cifs_sid */
+ uint16_t size;
+
+ /* make sure we can safely get to "size" */
+ if (end_of_acl < (char *)pace + offsetof(struct cifs_ace, size) + 1)
+ return;
+
+ size = le16toh(pace->size);
+
+ /* 16 == size of cifs_ace when cifs_sid has no subauths */
if (le16toh(pace->size) < 16)
return;
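Review bot: The new reachability check at the top of print_ace adds only 1 to `offsetof(struct cifs_ace, size)`, while the statement after it reads the full 16-bit field. If end_of_acl points one past the last byte of the ACL (it is computed by the caller, outside this hunk), an ACE truncated after the first byte of `size` passes the check and le16toh() reads one byte beyond the buffer. Comparing against the end of the field closes that gap: `if (end_of_acl < (char *)pace + offsetof(struct cifs_ace, size) + sizeof(pace->size))`. The new local `size` is also not used by the test that follows, which re-reads and re-converts the field; `if (size < 16)` would keep a single converted copy. print_ace's body continues outside the hunk, so later uses of pace->size are not visible here.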
@@ -250,8 +259,7 @@ print_ace(struct cifs_ace *pace, char *end_of_acl, int raw)
printf("/");
print_ace_flags(pace->flags, raw);
printf("/");
- print_ace_mask(pace->access_req, raw);
-
+ print_ace_mask(le32toh(pace->access_req), raw);
return;
}